Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution due to LFI in '/reinstall_extension' in parisneo/lollms-webui
Vulnerability Description
A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/reinstall_extension")` route. This vulnerability allows attackers to inject a malicious `name` parameter, leading to the server loading and executing arbitrary Python files from the upload directory for discussions. This issue arises due to the concatenation of `data.name` directly with `lollmsElfServer.lollms_paths.extensions_zoo_path` and its use as an argument for `ExtensionBuilder().build_extension()`. The server's handling of the `__init__.py` file in arbitrary locations, facilitated by `importlib.machinery.SourceFileLoader`, enables the execution of arbitrary code, such as command execution or creating a reverse-shell connection. This vulnerability affects the latest version of parisneo/lollms-webui and can lead to Remote Code Execution (RCE) when the application is exposed to an external endpoint or the UI, especially when bound to `0.0.0.0` or in `headless mode`. No user interaction is required for exploitation.
CVSS Information
N/A
Vulnerability Type
路径遍历:’..filename’
Vulnerability Title
LoLLMs WEBUI 安全漏洞
Vulnerability Description
LoLLMs WEBUI是Saifeddine ALOUI个人开发者的一个支持多模型和多模态集成的大模型Web用户界面。 LoLLMs WEBUI存在安全漏洞,该漏洞源于/reinstall_extension端点中name参数存在本地文件包含,可能导致加载和执行任意Python文件,进而引发远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A